Cybersecurity of T&D assets, control systems featured at IEEE technical conference

Both IEEE and the North American Electric Reliability Council (NERC) are addressing standards for cyber security. For IEEE, a new standard under development is "Trial Use Standard for Cyber Security of Serial SCADA Links and IED Remote Access." For NERC, the Board of Trustees recently adopted eight new cybersecurity standards that address asset identification, security management controls, personnel and training, perimeter security, systems security, incident reporting and response planning, and recovery plans.

According to Tobias Whitney, practice leader for Critical Infrastructure Protection at Burns & McDonnell, electronic sabotage or cyber attack can cause significant damage to electric power T&D, generation and communications systems. He says, "Cyber attacks can damage substation and generator control equipment, and possibly cause widespread cascading outages that would adversely impact manufacturing production and vital services. Interoperable systems, especially systems using off-the-shelf software, such as Windows-based systems, are particularly vulnerable."

Responding to industry interest in learning how to best avoid these electronic terrorist threats, the IEEE T&D Conference included two sessions on cyber security: Super Session 4: Cyber Security of T&D Assets? How Vulnerable is Your System? and Tutorial: Security of Cyber Control Systems.

The Super Session 4 panel presented the scale of the problem, some case study examples, and the main measures and practices that the electric industry must consider and implement to reduce the risks. It was chaired by Juan Torres, Sandia National Laboratories. Other panelists were: Hank Kenchington, National SCADA Test Bed, U.S. Department of Energy; Lynn Constantini, North American Electric Reliability Council; and Jason Stamp, Sandia National Laboratories.